[wplug] iptables, port forwarding and vnc.
John Harrold
jmh17 at pitt.edu
Thu Mar 4 14:41:23 EST 2004
Sometime in March James O'Kane assaulted the keyboard and produced:
| On Thu, 4 Mar 2004, John Harrold wrote:
| > would it look something like this:
| >
| > $IPTABLES -t nat -A POSTROUTING -d $WINDOWS -j SNAT --to $PGW
|
|
| -s $WINDOWS these packets are coming from the windows machine, so it's -s
| for source. You probably want to add the --sport stuff too, so that it
| only matches the vnc packets.
| That also needs to be above any MASQUERADE line you might have, so I'm not
| sure if -A is what you want. You might need -I POSTROUTING 1.
i came up with something using xinetd. adding the following to
/etc/services
vnc-http 5800/tcp
vnc-http 5800/udp
vnc-main 5900/tcp
vnc-main 5900/udp
and adding this to /etc/xinetd.conf
service vnc-main
{
disable = no
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = nobody
log_on_failure += USERID
redirect = 192.168.0.189 5900
port = 5900
}
service vnc-http
{
disable = no
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = nobody
log_on_failure += USERID
redirect = 192.168.0.189 5800
port = 5800
}
--
--------------------------------------------------------------------------
| /"\
john harrold | \ / ASCII ribbon campaign
jmh at member.fsf.org | X against HTML mail
the most useful idiot | / \
--------------------------------------------------------------------------
What difference does it make to the dead, the orphans, and the homeless,
whether the mad destruction is brought under the name of totalitarianism or
the holy name of liberty and democracy?
--Gandhi
--------------------------------------------------------------------------
gpg --keyserver keys.indymedia.org --recv-key F65A739E
--------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://penguin.wplug.org/pipermail/wplug/attachments/20040304/0ee8d78c/attachment-0001.bin
More information about the wplug
mailing list